hxxp://heylink[.]me/NATURALSEXXO

Analysis

max time kernel
289s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://heylink.me/NATURALSEXXO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{4F7DCEB8-1056-4E75-A226-681890483A0D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
1420	msedge.exe
1420	msedge.exe
3228	identity_helper.exe
3228	identity_helper.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5932	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5932	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 4512	1420	msedge.exe	84
PID 1420 wrote to memory of 4512	1420	msedge.exe	84
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 2940	1420	msedge.exe	85
PID 1420 wrote to memory of 4660	1420	msedge.exe	86
PID 1420 wrote to memory of 4660	1420	msedge.exe	86
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87
PID 1420 wrote to memory of 1092	1420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://heylink.me/NATURALSEXXO
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1412 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1538374348009739758,14431263741103999220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\37f706d8-e3b0-4f0f-8094-7835d63d01eb.tmp

Filesize
1KB

MD5
8cadb73ccdef271c536c9eb55ceca8ad

SHA1
56a7ec3238339642ba6bbd010da99733e9b58e72

SHA256
2852774878a88d770ce60e663c04cc0bff9c19250b383b463fda1eb71085113d

SHA512
385585fef9f167554c0d4f5ba847c04b15ecf951b3fef20baa9303bf31ef2336c5ebd2326425b6479e831769a4c31a952553597b1c64bcdb0d9231d24519b881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
22KB

MD5
1e24a78f1c6fc1774e8c77cddb76f412

SHA1
8f9b62496c99a78b77d584a04866473ef3eca157

SHA256
bf7688085dd1005b7460ff352585eb4e5e68b97980085ad0184d9108310dfad3

SHA512
8d0fcb2b67d2ebd74f116fda66779b2f518b61de8eb2680148e2f8da28c09f01840e8a4b02a7e212f9fff6a75505725a8ade0c6e3d2139787a7f75381f669b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
43KB

MD5
77ad2a9fb99a4b14419fa968b8c1b979

SHA1
c96d6b5ec25173529cc98c29a3f4ac8769dfee65

SHA256
c8654ac665692db225fbaeb4a51c55474c8d7f02804ef274e231e250fb0afd8a

SHA512
9f353af0ca21457f659bc880ebf8ce941895418dd5d2b472a8ac87ee0d3b31a611021ea81af9c100d892e596cb814e56ea15c8fb3a51eec4815ab879d6c9b690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
101KB

MD5
3d3b6f22c3acf503027a823b199e24f4

SHA1
0aab9ba7edc28f143a6620702997862aaaf3aace

SHA256
a6e0e383ae43ef4e1619d5f8f47931a627d375601c6bfc3a24fa85caf12feb15

SHA512
3529e8b9f52fa8b25afdfae736cd7d6cc32d6b5ece7542bd56b0a90471f78ce980c3de41eff4600639462156447d668af647f8129e2ad9b5d21ae28843e7e9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
df5df672dd55944f23e1735087f9088f

SHA1
fa082f6a1040a0cf40b9bfabae9973a026f417b1

SHA256
2fc0b5303d0fdf3683f82f950cb3a6485b4ae369d1880795fca29b39b531128d

SHA512
eceb5a4f584071e26232e1acee3de8ed36d5a48fec69f3ae3566c5b952ab5364ff9ff24ae59ff1ba4e0b235d1d95fb873f553672feaf63f5f5009573c0fe230d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
bc9c1aff88fc731dc3ced9342c6bb50a

SHA1
d4d414c70d2665f89e70cf1edf7327f5971a8629

SHA256
0edb742c5b1595ec7764e7596e4936832c1b9d1efacb62ce2e339cae71dfbe57

SHA512
20fc6f877a4d5c87f7cfa611b8c3664d40a4168dfe28e069350b8c9a3f5db2be84a90e622bfa350bf2c23b611279fde997cc56cbae91e15a924de2305d80d698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f5b8521f1f804cc722284c03dd6f6d22

SHA1
3b6872453dd1525ad08944db462ec9b8d6a63cac

SHA256
e082a047c50251a0ab17e71386bf6dca9a4dd3f20a4b35934973b0bc6118a1d0

SHA512
80b3353f36647da2e5cdfd7711009babe1a4aa177549a1b3a126f7ca7bee48df0330c6848fca34ccf65b217ca1f1edb313f6bba69efea2c0e197effe262e2aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1a9b52e86604539d1c210e185ddb6e33

SHA1
5cd4213a0468c23a2f18514fc911b9600ad384ae

SHA256
128e68860dcc913ca71fc99452a58cd993c73969688032b1fbf207b12324ee2b

SHA512
15b7b17ecf6621896c34b7e33e2b2a35df27cea55d5d78a90c108979a5fdf6b918c77135e858467a47afa77d8cf716720cbb3af07b100911cb1ebbe80193cd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
23dc6d257f69a100086c3a4d0a54a17e

SHA1
8921ff33d422a107ab1b46ed7bd364acf0a09d0a

SHA256
ec03e0da2b1d2b44cfa32919394ee7e2bad22943e3478968609f17e7f40f1501

SHA512
c66e882e30d3805cc576ef5ec90ddad9650e0635f0e440fdb0738a84d25fada2066deafdfc9586308354fdb08d3ea40c6d525f3c766af4fd63356644ef9eeab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9c4f8dad2bb4c05f41374c91e511d620

SHA1
a8f2d056ac46392b782ed32f6809e0261dacbad8

SHA256
4f3650008603881d87c1f762c9beabd322f2ba15474bf7bfc6998ea75c7ac7ba

SHA512
5a6d2de10b80956fae42ace225221415c1305183835a07e8fd6f428c9a5fca36d38f2b6ca76b39f66030e4b9733b9936fb217af320df2ecdcb119e19a75efb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9c1f290086d1d1d12baaacb87519bfb6

SHA1
a27939492004fbf71df6568c96a2344319875d50

SHA256
46207d7145fe747dd8c332e4a2855c7d03450ca793bd6cfe58ed81f6b4473ed7

SHA512
18dd30e8a19ecbfccb7985c419a4831903c0df0202a0013bfeab118cf873e6691b7aafd7b5835cca0757aedc799600e29aa5445c4c0fc9aace93406ec673fb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
7eb621873113f01179195586b7bbbd1d

SHA1
c2bd497a1a946777e028ebc37c0f9fd9d9342922

SHA256
c2c0e1fb6663001abaa2b85502b93be04ab9235dcccaf7b23c4fd008e4fff7a9

SHA512
b5fc53ac8f43a549c38107cbca0ba0a0489d2f8d29e6997cf1fea1c4870feb42b50eaa753a51f87fd85bcf578bf311556952808491bcb18277fdf1d5e4217625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f781bccfb2baef92620ba9a9647cd479

SHA1
6351b01bfbb803fee0795e1ae2ffac619fb3288e

SHA256
19168f4b8caeeefa31904a8c4cf20fcc8da6b8cf78824ce4017b7b86e1955fa9

SHA512
530b4668c5db3156e02585f334da2fbb909086dbcb196704c1456edded4eac7cf2824067e160a6037bd21216a3b90cdb0aa8ae8a3da88a7757aa3528ea6803b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f0492089433b0c7d9313c6459c6bd63

SHA1
d1b5edd0540e1b384bbcf12c5a7554671ec2d25a

SHA256
ab2c3f359038b6cbdc60022ff81a169709eca44b5e8e9ca0f4cd20187034d264

SHA512
4309358d8c1dee56f24f98e620b0d231f6bcdf748e4cf0a7c370087f7b3714277bfaa6e1506c6566abf8773d67f70ec092bdeacedda05a00b4dd883011b6f280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5379b4a5b17a34695d6c4e367a1c04d3

SHA1
efdef7c9ab17e5a96f5ce6b88908bacef7208dd4

SHA256
1b82e4edea410dd48c8eace3808cc287ccd0440d7ebd0342d463c5757b445988

SHA512
6dff7b62caa5a60edcc039d26c624591831e0f6a98cf63a81e9bb4b29004146dd3fdbea0049c3ce7e3386b7f40c4b9480065a9681975559d1b14fcad89aaffde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
097846ee761e22d82785e475688cffaf

SHA1
96cb38893c4618c62800b606dbb3b7ea03ab9471

SHA256
659030ce7bf0064f6e0642a22d1a257abe6c0ce65e928723943c4725cd20afc4

SHA512
1eb40d32581ed14f7bf54a7372d1813f600b58194c006b15aeb6a2f5f5a8b5350b0afb75dbf7b768ab96f564d9d69cbfddadba87c2280134897aec694a1b36d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
96e62327d33d3bf0af453b6fe692c464

SHA1
4b7ad3038725024105d5ac5b77e34597185f9713

SHA256
159d9b88cc0f4f6cd2c093fff9f4aa52666d34401995da07e4f2d5b842daa9c9

SHA512
2c2a1f71e78f66dd53f6e4d5bd3ec8c23bd960b64ebc68fabd08f8fae80599bb1a79c179566ef73c3a6fe3d6db59ec462543d55fd5aaffdca775eaa25932b525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
91ccd59e39efa4361cbc96cb75fe8d60

SHA1
95ccd5f6e1f0c9b1141a9d95bbdac12dd6b4d688

SHA256
1672c71f09c086e0b8345603c218a9c2d5fdd09a23b5d3ec0b1d3ee24b47fed0

SHA512
17a716379e3a3f40b87f557dc00877fbb56ca1e006bbf300e12d6d1d6a5380e26c06e69561cd85d5a07485e283ee4a05b07c104863bd4d8fa625018322549a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6666594f4d91bd7035c6f9d27c5412d

SHA1
330b49d6ff66a0d7d6988b1a8a4b1adab011185e

SHA256
7325aad9874e6d00a7ee054128683f0b617b960b5bbfa35704df3522fe2bce69

SHA512
c8a48f68e0c1918c3b8bc763c8e1187264755e39f81dde1864f9f4359723187802aff708d15e26f07e7333918096661968fb56737ed7cd3036debd9051285309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba7b2dcb67faa713b27fbf3cf367e3d1

SHA1
39156fc89401b6665528c7369d84f8281d10c618

SHA256
f187a73fb68de8cd142f08871c35051190813bd18a4595d116e532099863f275

SHA512
f383c8b2b434c346e30898ecda930250b00172bccc9bfdc149ff9535d4f5abe2e5d0b1cf994d5310908da674d75b901cb3c63702bc3f923f17db938b8ed2208b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
aa4c18b80430f0dfdc1b1e3504728432

SHA1
275a5642569c71bbb7671568a328889b4e01337d

SHA256
b4243ab4a96c5758ee3231a5a70f677fcf3df36462a57ab3a6e64629340961f8

SHA512
48241cb67a5a4dbaada4ce941dd3d3c768d7b41e40751f0350eab7b1af53e09abda5e119ebf1487b1c39092247d532eaf451ba485056218ccbf7a586352ba76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
23913855a1ab3a2973748b84a4fc8202

SHA1
53dbe043d4a0f430b850853ac4e384c55eb6e343

SHA256
08c35b174c21f568cbef17e20806574b435f1547c6c663a847d512e5ae57362f

SHA512
cd2269fe5a6a867a784d86902f6df4d1e5e3ba9d15493ba98a57b7443e9cbd42ed4acd7cdb874aa013fab75b5d01f47c9e7c13fbb81dc89c7f2cf55fa42c8217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d848e1cdebb709f77b7ac51fbae2595d

SHA1
a86bfc88ead18c20790a86248a0df187e85ddcf7

SHA256
c0e60d6034d35253ab55bfce01905cc223fbd3884994f04d8bb9a2a89622ed69

SHA512
1a08499ddc2f3fe62322ccfa0001f752c3dc06e5e7442db26c469e71bac9f4b686c348ce5ce32185f32f3ff1f03e88a79904a6c1168778dc8129b83ca2b1d6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fd2b3a07ca6e93e48d58cad19286a943

SHA1
5f8245f400cc4200c9262c8740967cd93c81f16e

SHA256
7273bbe985cac1ae944c6709fed4f848064ad98264d2d1cf81774cb8c67d65d6

SHA512
348c7c5608d6739dab29e3e16b34215f385b7461e65401412c12466bb99d826d28ae91cb8667f1b86cdc5d412e4bdb5846baa69cda6643cb60bc9b54d006c16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
d9bbe5b7b7fd9ec2aae4a3f3cc1f8a92

SHA1
06e304afde018225c88831cd9e92be0b6e2b3b07

SHA256
92655788bf10abacc55197581945c5c36f9f619f56b8e6cc5e6baa1ea24dfda6

SHA512
0ed4fad951cdbcb1cc4c6596f6f875297496870fc53eda021f69b51af808c9fb65a1a9d58a89e4af91cadf3ab96f079a39cf2475ce5ffce29636fbadee736054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
56e9aefae7b1a435dda84f51eaad7c28

SHA1
e4d545f7175ea01bae3277dbaa6334fd01d7ca21

SHA256
1af504e1587e0a72a08cbf39208773185af0ef4fe16716ae9a82796e37be732b

SHA512
3815049762086aa0ba26f7b1a37755c48570bc719df9651c2f14117a5cff1e011cfe5fd18c18833cf3f495fd810b52bdbbea73dfaf48fc9244d2cc672207cafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a1280.TMP

Filesize
48B

MD5
ec9d79defec9916ee90c26beb6494b3c

SHA1
b30bc06896fcb6c2c1aaf0dc49223e6200d0e4c9

SHA256
3d6b0a5233ef79c3316a890a69dbc086dc9813c266560e3aa9fa35eb497142bc

SHA512
d939012a05aa594549ca513fa2eb9e8f801c1af367078c2442061652b53a9f3a6cec4cb1e89f6f5c48dabe96db7eb0f6b06c523b5b0a9faf11e7a1382cec8529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99930c47c7c84934c3b356997fccf59e

SHA1
2965a3dadbda319b65b99fd4769865305c77a6b1

SHA256
a43e28a78094b394d5f668fe10f4381f0db64643f7d865d2f718631969cd7be1

SHA512
d35be004cb83c3a95309b4ecf19d04d66c767450851d083e582d5cf7d861abf27fafab1a648572ac1c75fd7d2bea6d97eb7adaef03af8380db773abf0dd723d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f79c9b75cbc9471b5debb3cd1ffdb4c0

SHA1
04f61caeeced6cddf290889b1a6a47bbcaf5d16e

SHA256
80ca0f28bd36d42f76f72ba7349e179276ff6114aea25ef44eec64466e3fb0a6

SHA512
20671415f95e0f9e9d38e90f96eb2e9937f002739b8b2ca0c134b472ba799e3ecd3b02e1e8afee40918cd66c8e67b2c57ab8f8164277f6b559abfd663421ac4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
31e5a98aafa8b29f53d470b744873876

SHA1
8f933e162d06340a6cf051d72a343e5a723215ac

SHA256
55019247256722ec7f57a21721887251c9372a9488c778567e02fc62bdbcd2ae

SHA512
ad79473b7b3774b6962102f1bfd3a29d5c2699300478b61599b08b159495d8281b9ea894abcf2755141e926d14fc537a5c89a27282b2a8a0644eaf174657024f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
47a5191cb7d6d09f0ebc8decd3bdb0a4

SHA1
e4e4c60ddc7a0c72e5d9327a4e3ebe80d261e4e5

SHA256
dcf98dbb93ba14cfc38bc1688f83fccfe593896f47700d1947c4c92391b7ee62

SHA512
3954ebd9835fd59edcbc46c799d6a70f044af2c95a26f26484db77d8a51c87c7141378c2af01e29fc0770f779225b543b2987080cb2df6d9e3eb3acf2f6dbcc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a6236280687e071f9f1800ca94ce7cfb

SHA1
bd75fa58918da76b2af0f3562deb2f4390c296a0

SHA256
ffff7f7ebcb58066cf136953889c67be17836f6bb2a7ecfd4160c90afc37a81c

SHA512
4b8343fc6793430fea87bbdfab3f57c8a4570de6767fce20869c6515a7704118c09204417c485911b7563db923a930461fab2f072ca6dd363600cda5f3711f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9f4ec24b5738619c98c0ea053db0b431

SHA1
09b58c2a171bc18a23858c4ad751cfa051c4a61a

SHA256
a14ef1b97464d54ca81d2df52c542265489427bf01d1bdf086c417d8c43ad2bf

SHA512
4bb20854bc2558b8c241eff9a059bece24aed1dcd8fabcf041affd0fd2958eb48ab2ffbcbf3ed9af24ccfeba62ada875ae9f5d33cfab7e9cca82a929b77cbee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bd5715fc31046817a489eb7d422a972

SHA1
16b63990988a2ff3c75d206399f7cab981bf255b

SHA256
05605359d672e1b0e0f28986fd7c42aca01922aedadc736ace8e2124d41e56a1

SHA512
bc5e0e0ab6c4acd40ba9cbd723bed13f19f463230d785d6f76d2862342bcaeeb7591484387ea773aadf7f2a7c50d638d1920c919f4ca0f9fe1c73f570ce2d74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e140d90d8f58c414f7e720476e450c0b

SHA1
4914edd96fc5f57156fbb7684cd21cc7b0d4013f

SHA256
dcd9d9d1cca51924a24e65e5f006914a00f568feca4d756d1e88400e3b44f39d

SHA512
609677975c5116dddfa97205f13decc4fbba2c556bfadcc7d24288124ac0be7f1b4b8a00e1a7dd4e5e767137e98756f64f123117dfdf2a7ebc14e6a2a44022dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c585f07162a18f3687667bf240ff8a4e

SHA1
0d6b6d6303230b0b21cf4925ed31e854eee3cd2a

SHA256
d88516403ccaeaeb0cddae65868fb3d760ba4b4224d398b5dad76d6c19567262

SHA512
9ab62279e09409199431e08200816fb91ba75dc43b409a9206d10ea26794e7f0b2efa8e2a4c2869ba504334ee4ee9428bd388f47eb3af77189702205f2359dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c1a5ec6826c5b3d97eb7f65cd0425700

SHA1
c064f9beb01c91d76b35e11405ea32e5957dc159

SHA256
c19aac91a853d2e75358a448fc98f514447e6372a1b7f7115d41e9183b4eb095

SHA512
49beaadcb1e1edb856ba0d22fd279d1543b17bb0125907a4cea298f2ab21354e9e9fc32a004014708f8d9c8c022250e80469fb0dde7bb04fa870c6eb089120ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0fb822684548379e0de6b4e9fcb14bca

SHA1
e87b587d13a17dbe5c717ce4090af4f2c58aac7d

SHA256
cc00dab7191c15c4114daa9ae6e22079a37eff7706b9df85b8512207bd3b682b

SHA512
441a2f6a87abd637fc64dbffc796491a760f15bcfcf9dbc355d1fbecf8a5535150f9280d387ea27f1b1fe3af60134fce3947eecaa5b58215ed6a7aa61bfbbd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9a220f1b83bb581e3669565b7cc497ec

SHA1
484ba180a0aff60ce569867a74897a575c43c71a

SHA256
e97f8eb22e68411f864ebf2490bd919d173d76325c36700d49278596eacc569a

SHA512
8646bbb87cb4d37712126e059f1ab256dee7772f3498ea7cd779b5696c096875270705ad3eaadb7c7fefa8460dabd2b66c7217eee5f2bcefc98556eba287c13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f2757e57cf183f556e5d48b337425975

SHA1
ea8127cb0388f80f0418d4dc2982cf32ae505c48

SHA256
2dabe5797f4321d70c27ac78ab4233387cd89eea4cee262632db0ee879b8f981

SHA512
b4e2e4e1015f718f54c3bb09547d39ce1d902c8fc9ebd14502e8c3b80e75507bb9f4f6961ce78e13a82dc8713838307a2cb7c0c440b1d85ff8078348dcaf1fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58335f.TMP

Filesize
1KB

MD5
bdc47b9cbafdfd8b8c0c47fc8328add7

SHA1
5ea86e543edc029d30e1a503c5e65e23d3887d59

SHA256
bbebbc5b3ed78ccdbeac222f049db82e051817308f1f1d2394ec3ca7bace77ab

SHA512
3c828628b87e06887aef93943520a5786fb848a7e3e75107a9443a3ee6278e2bdc03ca7f1fdf9a15db67c50c8119bdeca110af448816bcf7749c3009b42e7320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c6f27d62-368e-4c84-ac27-35ed4fd2b167.tmp

Filesize
7KB

MD5
88a70e9f7ebb937bf027a6cfed95f3bb

SHA1
107bc67fb91e398f0dfb3b31399bef52f91d79f6

SHA256
72eb4a5ef540c84a3921edb963a74558d2552d0791525ffc7068e30f1c609629

SHA512
f8ca810af48416dd31ad4597d1c0d654debe0f321fbd628d464a4a2f67e56aca11045c493126ec369663cbee25c21fd0edd4ef010a27373575729dba6a53e18a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e2045697f4c75ce2a62aa7ee93632bc

SHA1
e4746959eac6951cfb97ce8e40aeac284eb71901

SHA256
391ec3f72ef26414a5af3b5dd63a51ebac9fd43e4fc6a11e273625db44bf02d6

SHA512
c7c290fbe5d0945b71010d5ea6817ea368b134b7d174676f07cc060c3c965c36106318629b590c2b402f572fcbc0c42c1e8c0a041d55789704b8d6404538352d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
b3bdb329bbc054e7e9d7282d0ebfae69

SHA1
b4ff3de0338f418cf42aa1b791ed224d24e37276

SHA256
6b69ebeb51d2453138f8198bc09987bc283f26472c1770a0244b004d73aeabc1

SHA512
6721968541b8d7af7e1bf37304d39e708b4ab51bc6686325bc23ee9effa6f73953ab9b8415c36b5c099f0cd52c5687c80ff6a12619b9b5aba8884df6e9b98477

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
a0e491a0627edad358998b7bee7664f7

SHA1
b919efa50b29f410902351609c14673ffb8efbcf

SHA256
924dc37204f25247e585c31b4d8d537f7a9a794b1189b3705c4be58ae056d65e

SHA512
7c19bea01bcc809495b395d2f37447a1fd3b8332ed8a38a4fc83a1ee482a615cbbb0a06408cbc468681f9df599ec322b09473d26fdc29476a9f2ed97b2a5890e

Download Submit